Defect #15567
cookiestore / session management
Status: Closed
Priority: Normal
Category: Security
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution:
Affected version:
Description
I don't know if this is a true threat or not, but redmine is explicitly mentioned here:
http://maverickblogging.com/list-of-websites-using-ruby-on-rails-cookiestore-for-session-management/
http://projects.webappsec.org/w/page/13246944/Insufficient%20Session%20Expiration
Reply: No, Rails' CookieStore isn't broken
Do we need to do something about this?